Max CVSS 7.8 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-15605 7.5
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
20-07-2021 - 23:15 07-02-2020 - 15:15
CVE-2019-15606 7.5
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
20-07-2021 - 23:15 07-02-2020 - 15:15
CVE-2019-15604 5.0
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
20-07-2021 - 23:15 07-02-2020 - 15:15
CVE-2019-5739 5.0
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier
16-10-2020 - 19:08 28-03-2019 - 17:29
CVE-2019-5737 5.0
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly
16-10-2020 - 19:08 28-03-2019 - 17:29
CVE-2019-16777 5.5
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and cre
09-10-2020 - 13:36 13-12-2019 - 01:15
CVE-2018-7161 7.8
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 se
20-03-2020 - 21:15 13-06-2018 - 16:29
CVE-2018-7162 7.8
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending
20-03-2020 - 21:15 13-06-2018 - 16:29
CVE-2018-7164 5.0
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker c
20-03-2020 - 21:15 13-06-2018 - 16:29
CVE-2018-7167 5.0
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero
20-03-2020 - 21:15 13-06-2018 - 16:29
CVE-2018-12121 5.0
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of
20-03-2020 - 21:15 28-11-2018 - 17:29
CVE-2018-12122 5.0
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources ali
20-03-2020 - 21:15 28-11-2018 - 17:29
CVE-2018-12123 4.3
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a m
20-03-2020 - 21:15 28-11-2018 - 17:29
CVE-2018-12116 5.0
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a secon
20-03-2020 - 21:15 28-11-2018 - 17:29
CVE-2018-12115 5.0
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a
20-03-2020 - 21:15 21-08-2018 - 12:29
Back to Top Mark selected
Back to Top